touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #35689
[Bug 784255] Re: Maverick heimdal packages have broken allow_weak_crypto implementation
Maverick has long since stopped to receive any updates. Marking the
Maverick task for this ticket as "Won't Fix".
** Changed in: heimdal (Ubuntu Maverick)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to heimdal in Ubuntu.
https://bugs.launchpad.net/bugs/784255
Title:
Maverick heimdal packages have broken allow_weak_crypto implementation
Status in “heimdal” package in Ubuntu:
Fix Released
Status in “heimdal” source package in Maverick:
Won't Fix
Bug description:
The allow_weak_crypto krb5.conf option was added to Heimdal during the
1.2 release, but was implemented incorrectly. The check for desired
enctypes was performed before the check to see if allow_weak_crypto is
true.
This has the unfortunate effect of resulting in a completely empty
enctypes list if the configured list of desired enctypes contains only
enctypes classified as "weak", since the "weak" enctypes are not valid
choices (and are thus kicked out of contention) until after the
filtering of the desired enctypes list is performed.
This feature was implemented during the 1.2 release of Heimdal, on 2008-08-17:
https://github.com/heimdal/heimdal/commit/aa3cf9664515246bb8a9674ef270ba9433e0f25c
And the logic was corrected to the proper behavior after the release of 1.4, on 2010-10-02:
https://github.com/heimdal/heimdal/commit/799956e9b7ebdeecd2df202638f7656a25664ed9
- Lucid provides Heimdal packages from the 1.2 branch (1.2.e1.dfsg.1-1ubuntu1) but do not contain any implementation of allow_weak_crypto.
- Maverick provides Heimdal packages from the 1.4 branch (1.4.0~git20100605.dfsg.1-2) that contain the mis-implemented version of the feature.
- Natty provides Heimdal packages from the 1.4 branch (1.4.0+git20110124) that contain the corrected version of the feature.
In addition to being fixed upstream and released in Natty, a new
enough version has also been released in Debian Experimental
(1.4.0+git20110411.dfsg.1-1).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/784255/+subscriptions